Emails continue to be cyber-criminals’ vector of choice for distributing malware and phishing, according to a report released today by Proofpoint.

The Quarterly Threat Report Q3 2018 found that the frequency of email fraud attacks and the number of individuals targeted per organization are continuing to rise. Credential-stealing banking Trojans comprised 94% of malicious payloads, and the number of malicious URLs grew, making it a more common attack vector than malicious attachments.

Emails attempting to steal corporate credentials increased over 300% between the second and third quarters of 2018.

In addition, the research indicated that social media platforms have done an excellent job of combating phishing links, resulting in a 90% decrease in attacks year-over-year. However, phishing attempts that leverage social-media-support fraud, which relies on fake customer service accounts to fool people into handing over their personal data, reached its highest level ever in September.

The report also noted that this type of angler phishing increased 486% year-over-year.

While banking Trojans made up 46% of all malicious payloads, a whopping 90% of those were Emotet and Panda Banker (also known as Zeus Panda). Emotet was consistently used in large, almost daily campaigns by an actor researchers have identified as TA542.

Though ransomware has someone dissipated, dropping 10% points from Q2 and comprising only 1% of the overall malicious messages, the report warned that it might not be forgotten just yet.

“We observed a return of ransomware, albeit at much lower levels than we saw in 2017. However, this spike appeared to be a ‘testing of the waters’ since ransomware message volumes dropped. This suggests that ransomware campaigns did not generate sufficient returns for threat actors to continue distributing them at scale,” the report said.

In place of ransomware, attackers have shifted to downloaders and stealers, which accounted for 48% of all malicious payloads in Q3. Researchers identified three new downloaders, suggesting a trend towards the distribution of small-footprint malware that is a bit more stealthy and able to do more reconnaissance.

While there was a reduction in the number of spoofed sender identities – a significant 68% drop – an average of 27 people were targeted per attack, representing a 96% increase in target victims year over year. The report indicated that attacks continue to have success exploiting the human factor.